sshd log contains "pam_unix authentication failure" [closed]
Closed 4 years ago.
I am getting the following error messages on my Linux machine.
This happens often and my log is full of this error message. How to overcome this issue?
1 Answer 1
Someone is trying to brute-force the password for your root user.
(It doesn’t matter if password login is prohibited for it — they can still try, they’ll just fail every time.)
You normally won’t want to suppress these log messages; they can be useful information when someone does manage to break into your system at some point.
(Though you’ll need append-only off-site backups of the log to be safe in that case.)
You can use a log aggregation system (like Logstash or Graylog) to filter off these messages into a different view to deal with them separately, or you can grep -v '[Aa]uthentication failure' /var/log/syslog | less to filter them out when manually viewing the log.
You can also report the brute-force attempts to the operator of the source system, but that’s usually tilting at windmills.
(Note that you’re seeing the private network address of your NAT gateway (172.16.2.1), so you’ll need to check the gateway for the actual external address.)
The usual mitigations are just pre-filtering and obfuscation:
Make sure password-based login for the root user is disabled in your /etc/ssh/sshd_config:
SSH: PAM authentication error for myuser from IP
soulviasound
I have a problem and can’t figure out how to resolve it:
I just installed FreeBSD 8.3 on VirtualBox with the bridge option as network adapter, and when I try to connect to the machine via SSH from a local network machine, I get this message:
But when I try to connect via SSH directly from the machine, everything works great.
Right now /etc/ssh/sshd_conf is in the default state, but I have tried to enable:
without any success. So I have reverted to default.
mamalos
soulviasound
Thank you for the reply, mamalos,
Since the FreeBSD (guest) machine works on a bridged adapter, it has its own IP (in this case 192.168.178.28), so I’m sure, and I also don’t run any SSH server on the host (it would refuse the connection).
In fact, when I said "from a local network machine", I referred to the HOST terminal.
ifconfig for HOST (OSX):
ifconfig for guest (FreeBSD):
soulviasound
AlexJ
mamalos
The error message comes from /var/log/auth.log of FreeBSD? If not, what are the error messages of this file? Are you sure you’re using correct username and or password for testuser? There is no good reason why an ssh connection should work for some network nodes and not work for others, unless it’s a firewall issue. But since you’re connecting to the machines ssh port, then it can’t be that.
Lastly, have you tried a NATed configuration with port redirection to see if that works?
soulviasound
I found the problem, but I still have some questions.
The password contained the "(" character and I use a German layout keyboard. I changed to a simple password and it worked. Even so, in my OSX terminal I see exactly what I type; I tried to type the password in a non-hidden field and it’s OK. Shouldn’t the OSX terminal send exactly what I see? I manage another FreeBSD server with the same keyboard and the same terminal, and it worked great.
I tried different keyboard layouts on the problematic FreeBSD (even though it doesn’t make sense), same error.
Any idea? Is there a "Follow system keyboard layout" option for SSH?
Thanks for the help.
soulviasound
I want to mention that I have tested the password with other SSH clients, an SSH app for iOS and PuTTY: same problem.
I even changed the keyboard layouts on the SSH client. Same error.
soulviasound
Sorry for the multiple posts. I don’t see any edit button.
And what is stranger: when I type the password directly on the server (not remotely), it works even if I change the FreeBSD keyboard layout.
[Solved] sshd Error messages
selhan
Can anyone explain to me why I’m finding these error messages on my server every day, and how can I get rid of them? Please.
wblock@
Re: Error messages
People, or rather, bots, are trying to log in to your server by guessing account names. Please make sure that root login by sshd() is not allowed, and it is recommended to only allow login with an SSH key instead of passwords. Many people run security/sshguard to limit these attacks.
selhan
Re: Error messages
Really bad news, I didn’t expect to be under attack.
Could you please confirm if the two suggestions that you just told me are done by:
junovitch@
Re: Error messages
In /etc/ssh/sshd_config, everything that is commented by default reflects the default settings. You don’t need to uncomment this below because it already is disabled.
selhan
Re: Error messages
Splendid, Thank you!
kusanagiyang
Phishfry
It sounds like your commercial router does not have a firewall. You need to block port 22 otherwise people will be trying to guess their way in.
You should also consider either security/sshguard or security/denyhosts along with tuning your sshd_config.
Moving the SSH port and key based authentication is advised.
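Added example, not part of any post above: the answer in the first thread and wblock@'s reply in this one both attribute these log entries to password guessing. The Python sketch below groups sshd failure lines by source address and separates guesses at unknown account names from failures against existing accounts. The sample lines are constructed in the three formats quoted on this page; the function names and the `min_attempts` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines (documentation addresses, made-up users) in the
# formats quoted on this page: pam_unix, sshd "Failed password", FreeBSD "error: PAM:".
SAMPLE_LOG = """\
Jan 29 17:01:32 host sshd[3616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Jan 29 17:01:34 host sshd[3616]: Failed password for root from 203.0.113.7 port 40453 ssh2
Jan 29 17:01:58 host sshd[3616]: Failed password for root from 203.0.113.7 port 40453 ssh2
Jan 29 17:02:10 host sshd[3620]: Failed password for invalid user admin from 203.0.113.7 port 40460 ssh2
Jan 29 17:02:15 host sshd[3621]: Failed password for invalid user oracle from 203.0.113.7 port 40461 ssh2
Jan 29 17:03:00 host sshd[3630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=alice
Feb  8 20:59:03 server sshd[54757]: error: PAM: authentication error for illegal user vint from localhost
Jan 29 17:05:00 host sshd[3640]: Accepted publickey for alice from 198.51.100.9 port 50000 ssh2
"""

HEAD = re.compile(r"sshd\[(\d+)\]: (.*)$")
PATTERNS = [
    ("sshd", re.compile(r"Failed password for (?P<bad>invalid user )?(?P<user>\S+) from (?P<host>\S+) port \d+")),
    ("sshd", re.compile(r"error: PAM: authentication error for (?P<bad>illegal user )?(?P<user>\S+) from (?P<host>\S+)")),
    # Assumption: pam_unix appends user=<name> only when the account exists.
    ("pam", re.compile(r"pam_unix\(sshd:auth\): authentication failure;.*?rhost=(?P<host>\S+)(?:\s+user=(?P<user>\S+))?")),
]

def parse_line(line):
    """Return one failure event as a dict, or None for any other line."""
    head = HEAD.search(line)
    if not head:
        return None
    pid, msg = head.groups()
    for kind, rx in PATTERNS:
        m = rx.match(msg)
        if m:
            g = m.groupdict()
            unknown = bool(g.get("bad")) if kind == "sshd" else g["user"] is None
            return {"pid": pid, "kind": kind, "user": g["user"],
                    "host": g["host"], "unknown": unknown}
    return None

def summarize(text):
    """Count failed attempts per source host, each attempt counted once."""
    per_conn = defaultdict(lambda: {"sshd": [], "pam": []})
    for line in text.splitlines():
        ev = parse_line(line)
        if ev:
            per_conn[(ev["host"], ev["pid"])][ev["kind"]].append(ev)
    report = defaultdict(lambda: {"attempts": 0, "unknown": 0, "users": set()})
    for (host, _pid), kinds in per_conn.items():
        # sshd and pam_unix log the same attempt: prefer sshd's own lines and
        # fall back to pam_unix lines when they are all the log contains.
        for ev in kinds["sshd"] or kinds["pam"]:
            row = report[host]
            row["attempts"] += 1
            row["unknown"] += ev["unknown"]
            if ev["user"]:
                row["users"].add(ev["user"])
    return dict(report)

def suspects(report, min_attempts=3):
    """Hosts with at least min_attempts failures (threshold is an assumption)."""
    return sorted(h for h, r in report.items() if r["attempts"] >= min_attempts)

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for host in sorted(rep):
        print(host, rep[host])
    print("review:", suspects(rep))
```

A source that fails against many unknown account names matches the guessing pattern described in the replies; failures for a single existing account from an internal address more often point to a credential or configuration problem.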
unixforum.org
Forum for users of UNIX-like systems
Cannot log in via ssh as anyone except root
Moderator: arachnid
Cannot log in via ssh as anyone except root
Post by vintyara » 09.02.2009 00:09
I installed FreeBSD to improve my own skills. The first thing I did was add a user for myself, in the wheel group, and I started setting up a web and FTP server.
Everything was fine until the next day, when I tried to log in to my FreeBSD box via ssh. It did not let me in.
I had to connect a keyboard and monitor in order to log in as root and look at the logs. And in the logs there is roughly this:
Feb 8 20:59:03 server sshd[54757]: error: PAM: authentication error for illegal user vint from localhost
Feb 8 20:59:03 server sshd[54760]: login_getclass: unknown class ‘0’
What could this be and how do I fix it?
Re: Cannot log in via ssh as anyone except root
Post by psyshit » 09.02.2009 00:39
Re: Cannot log in via ssh as anyone except root
# egrep -i "allow|deny" /etc/ssh/sshd_config
After any changes to this file it is highly advisable to reload or restart sshd.
P.S. And all of this is goO OOogle.
Re: Cannot log in via ssh as anyone except root
Post by vintyara » 09.02.2009 11:29
# egrep -i "allow|deny" /etc/ssh/sshd_config
After any changes to this file it is highly advisable to reload or restart sshd.
P.S. And all of this is goO OOogle.
]# egrep -i "allow|deny" /etc/ssh/sshd_config
# be allowed through the ChallengeResponseAuthentication and
#AllowAgentForwarding yes
#AllowTcpForwarding yes
# AllowTcpForwarding no
Google did not help me
]# cat /etc/ssh/sshd_config | grep AllowUsers
[root@server
If there is a ban on the IP, then where did it come from? It worked at first and stopped working the next day.
Re: Cannot log in via ssh as anyone except root
Post by arachnid » 09.02.2009 11:34
Re: Cannot log in via ssh as anyone except root
Post by vintyara » 09.02.2009 12:28
]# adduser
Username: baraban
Full name:
Uid (Leave empty for default):
Login group [baraban]:
Login group is baraban. Invite baraban into other groups? []:
Login class [default]:
Shell (sh csh tcsh zsh bash rbash nologin) [sh]: bash
Home directory [/home/baraban]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : baraban
Password : *****
Full Name :
Uid : 1009
Class :
Groups : baraban
Home : /home/baraban
Home Mode :
Shell : /usr/local/bin/bash
Locked : no
OK? (yes/no): yes
pwd_mkdb: warning, unknown root shell
pwd_mkdb: warning, unknown root shell
adduser: INFO: Successfully added (baraban) to the user database.
Add another user? (yes/no): no
Goodbye!
[root@server
]# ssh localhost -l baraban
Password:
Password:
Password:
server sshd[56750]: error: PAM: authentication error for illegal user baraban from localhost
Re: Cannot log in via ssh as anyone except root
Post by arachnid » 09.02.2009 12:40
Check whether you have bash. If it exists properly, there should be no complaints.
In addition, to make things easier you can add the user to the wheel group right at the user creation stage, when prompted
Re: Cannot log in via ssh as anyone except root
Post by xtty » 09.02.2009 14:08
PAM Authentication Failing
I’m not really a Server Admin, but have been tasked to get this done.
Long story short, The Development server we connect to is a Centos 5.5 that authenticates users via a domain server that no longer exists.
The users don’t really exist on the dev server. There’s nothing for them in the passwd file or the shadow file.
I get the following errors in the secure log because it can no longer contact it:
Quote:
Jan 29 17:01:17 localhost sshd[3616]: Invalid user *username* from 192.168.0.206
Jan 29 17:01:27 localhost sshd[3617]: input_userauth_request: invalid user *username*
Jan 29 17:01:32 localhost sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 29 17:01:32 localhost sshd[3616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.206
Jan 29 17:01:32 localhost sshd[3616]: pam_succeed_if(sshd:auth): error retrieving information about user *username*
Jan 29 17:01:34 localhost sshd[3616]: Failed password for invalid user *username* from 192.168.0.206 port 40453 ssh2
Jan 29 17:01:56 localhost sshd[3616]: pam_unix(sshd:auth): check pass; user unknown
Jan 29 17:01:56 localhost sshd[3616]: pam_succeed_if(sshd:auth): error retrieving information about user *username*
Jan 29 17:01:58 localhost sshd[3616]: Failed password for invalid user *username* from 192.168.0.206 port 40453 ssh2
Jan 29 17:02:00 localhost sshd[3617]: Connection closed by 192.168.0.206
I tried creating a local user using useradd.
Quote:
For this reason only the Root user can log in to the server. Everybody else gets an access denied.
As you can see, I attempted to change the password for the user I created locally to see if it would validate, but it keeps saying the password is wrong.
What I really want to do is recreate the users locally so they no longer have to be validated through the external authentication server.
Any way to do this? Am I making any sense?
I hope someone can help.
The real question is: is there a way to create local users that can authenticate?
———————————-
Phil AKA Vacunita
———————————-
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
RE: PAM Authentication Failing
Depends on what was used to connect the machine to the Active Directory domain initially. The error messages suggest WinBind
Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
RE: PAM Authentication Failing
From what I can find it is using Winbind. wbinfo -D servname gives me some details of the server being used.
RE: PAM Authentication Failing
I need to be able to remove the winbind authentication, and only use local authentication. Does anyone know how to accomplish this?
RE: PAM Authentication Failing
I don’t have an AD system to test on but,
should be the command line for breaking the Active Directory ‘join’.
RE: PAM Authentication Failing
Thanks for that, but when I try to use that command I get this error:
Failed to leave domain: failed to find DC for domain serverName.com
Any other ideas?
RE: PAM Authentication Failing
Had to use the authconfig-tui tool to set authentication back to the shadow file and remove the authentication through ldap and winbind. Then just had to add the users and give them bash access. Same user names, so kept access to the home folders and paths.
Problem
PAM authentication failed when SD failed
Symptom
EGO-related authentication succeeds (for example, egosh user logon), but SOAM-related authentication fails (for example, soamview) with the following error message:
Cannot retrieve application information : Security error: Authentication failed.
Incorrect user name or password, or the security plugin setting
(specified in the EGO_SEC_PLUGIN parameter in the ego.conf file on both
the client and server) are incompatible.
This issue only happens when SD is running on a master candidate host.
Cause
PAM authentication failed
Diagnosing The Problem
Because this is a PAM authentication failure, start by checking the PAM authentication plugin’s log. The log directory is defined by EGO_SEC_CONF in ego.conf. For example:
EGO_SEC_CONF=/opt/egoshare7.1.2/kernel/conf,0,WARN,/opt/ibm/platformsymphony/kernel/log
In the plugin log, you can see an error message like the following:
xxx xxx xx xx:xx:xx 2017 ERROR [7443] readParamsFromFile(): Error reading plugin configuration file /opt/ibm/platformsymphony/kernel/conf/seckey.conf
The error message above shows that the PAM authentication plugin failed to read the key file, which is defined in pamauth.conf.
Then check pamauth.conf to see how the key file is configured. For example, the following configuration shows that the key file is on the local file system.
KEYFILE=/opt/ibm/platformsymphony/kernel/conf/seckey.conf
Based on this configuration, the problem can occur when a daemon runs on a management host that does not have the key file in the defined directory, which leads to the authentication failure.
Resolving The Problem
You can either copy the key file to the defined directory on each of the management hosts, or copy the key file to your shared file system and then modify pamauth.conf to use that directory.
Hi,
When I connect to the JupyterHub interface via a localhost:8000 URL,
I receive an error message on my CentOS 7 VM.
Here’s the message:
1 - If the user is not an admin, I receive this message:
[I 2017-03-30 09:53:35.951 JupyterHub app:1453] Hub API listening on http://localhost:54321/hub/
[W 2017-03-30 09:53:35.960 JupyterHub app:1174] Running JupyterHub without SSL. I hope there is SSL termination happening somewhere else...
And in the JupyterHub interface I receive this message
[I 2017-03-30 09:53:35.960 JupyterHub app:1176] Starting proxy @ http:// localhost:8000/
09:53:36.458 - info: [ConfigProxy] Proxying http://localhost:8000 to http:// localhost:54321
09:53:36.471 - info: [ConfigProxy] Proxy API at http:// localhost:5432/api/routes
[I 2017-03-30 09:53:36.579 JupyterHub app:1485] JupyterHub is now running at http:// localhost:8000/
[I 2017-03-30 09:54:54.509 JupyterHub spawner:783] Spawning jupyterhub-singleuser '--user="team_k"' '--cookie-name="jupyter-hub-token-team_k"' '--base-url="/user/team_kleber"' '--hub-host=""' '--hub-prefix="/hub/"' '--hub-api-url="http:// localhost:54321/hub/api"' '--ip="127.0.0.1"' --port=37186
[E 2017-03-30 09:54:54.518 JupyterHub spawner:793] Permission denied trying to run '/root/anaconda3/bin/jupyterhub-singleuser'. Does team_k have access to this file?
[E 2017-03-30 09:54:54.527 JupyterHub user:251] Unhandled error starting team_k's server: [Errno 13] Permission denied
[E 2017-03-30 09:54:54.578 JupyterHub web:1548] Uncaught exception POST /hub/login?next= (10.16.79.166)
HTTPServerRequest(protocol='http', host='localhost:8000', method='POST', uri='/hub/login?next=', version='HTTP/1.1', remote_ip='10.16.79.166', headers={'Accept': 'application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*', 'Cache-Control': 'no-cache', 'Content-Length': '36', 'X-Forwarded-Proto': 'http', 'Accept-Language': 'fr-FR', 'X-Forwarded-Port': '8000', 'Content-Type': 'application/x-www-form-urlencoded', 'Accept-Encoding': 'gzip, deflate', 'Connection': 'close', 'X-Forwarded-For': '10.16.79.166', 'Dnt': '1', 'User-Agent': 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3)', 'X-Forwarded-Host': ' localhost:8000', 'Host': localhost:8000', 'Referer': 'http:// localhost:8000/hub/login'})
Traceback (most recent call last):
File "/root/anaconda3/lib/python3.5/site-packages/tornado/web.py", line 1469, in _execute
result = yield result
File "/root/anaconda3/lib/python3.5/site-packages/jupyterhub/handlers/login.py", line 84, in post
yield self.spawn_single_user(user)
File "/root/anaconda3/lib/python3.5/site-packages/jupyterhub/handlers/base.py", line 328, in spawn_single_user
yield gen.with_timeout(timedelta(seconds=self.slow_spawn_timeout), f)
File "/root/anaconda3/lib/python3.5/site-packages/jupyterhub/user.py", line 261, in spawn
raise e
File "/root/anaconda3/lib/python3.5/site-packages/jupyterhub/user.py", line 229, in spawn
ip_port = yield gen.with_timeout(timedelta(seconds=spawner.start_timeout), f)
File "/root/anaconda3/lib/python3.5/types.py", line 243, in wrapped
coro = func(*args, **kwargs)
File "/root/anaconda3/lib/python3.5/site-packages/jupyterhub/spawner.py", line 787, in start
start_new_session=True, # don't forward signals
File "/root/anaconda3/lib/python3.5/subprocess.py", line 947, in __init__
restore_signals, start_new_session)
File "/root/anaconda3/lib/python3.5/subprocess.py", line 1551, in _execute_child
raise child_exception_type(errno_num, err_msg)
PermissionError: [Errno 13] Permission denied
[E 2017-03-30 09:54:54.697 JupyterHub log:99] {
"Accept": "application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*",
"Cache-Control": "no-cache",
"Content-Length": "36",
"X-Forwarded-Proto": "http",
"Accept-Language": "fr-FR",
"X-Forwarded-Port": "8000",
"Content-Type": "application/x-www-form-urlencoded",
"Accept-Encoding": "gzip, deflate",
"Connection": "close",
"X-Forwarded-For": "10.16.79.166",
"Dnt": "1",
"User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 1.1.4322; .NET4.0C; .NET4.0E; InfoPath.3)",
"X-Forwarded-Host": " localhost:8000",
"Host": " localhost:8000",
"Referer": "http://localhost:8000/hub/login"
}
[E 2017-03-30 09:54:54.697 JupyterHub log:100] 500 POST /hub/login?next= (@10.16.79.166) 302.29ms
And
in the JupyterHub interface I receive this message
500 : Internal Server Error
Failed to start your server. Please contact admin.
2 - If the user is an admin, I receive this message:
[E 2017-03-30 10:03:45.035 JupyterHub log:100] 500 POST /hub/login?next= (@10.16.79.166) 167.53ms
[I 2017-03-30 10:03:58.426 JupyterHub log:100] 302 GET / (@10.16.79.166) 2.05ms
[I 2017-03-30 10:03:58.428 JupyterHub log:100] 302 GET /hub (@10.16.79.166) 0.63ms
[I 2017-03-30 10:03:58.435 JupyterHub log:100] 302 GET /hub/ (@10.16.79.166) 1.37ms
[I 2017-03-30 10:03:58.441 JupyterHub log:100] 302 GET /login (@10.16.79.166) 1.29ms
[I 2017-03-30 10:03:58.460 JupyterHub log:100] 200 GET /hub/login (@10.16.79.166) 15.11ms
[W 2017-03-30 10:04:35.886 JupyterHub auth:471] PAM Authentication failed (u004753@10.16.79.166): [PAM Error 7] Authentication failure
[I 2017-03-30 10:04:35.899 JupyterHub log:100] 200 POST /hub/login?next= (@10.16.79.166) 1655.52ms
And
in the JupyterHub interface I receive this message
Sign in
Warning: JupyterHub seems to be served over an unsecured HTTP connection. We strongly recommend enabling HTTPS for JupyterHub.
Invalid username or password
Username: Password